REMARKS

The Examiner has objected to Claim 22 due to informalities. Applicant has
clarified such claim to avoid such objection. 

The Examiner has rejected Claims 1-30 under 35 U.S.C. 101 as being directed
toward non-statutory subject matter. Such rejection is deemed moot by virtue of the 
claim clarifications made hereinabove. 

The Examiner has rejected Claims 1, 3-11, 13-19 and 30 under 35 U.S.C. 102(e)
as being anticipated by Vaidya (U.S. Patent No. 6,279,113). The Examiner has also
rejected Claims 20-29 under 35 U.S.C. 102(e) as being anticipated by Copeland, III (U.S.
Patent Application No. 2002/0144156). Applicant respectfully disagrees with such
rejection, especially in view of the amendments made hereinabove to independent Claim
1 et al.

With respect to independent Claim 20, the Examiner has relied on paragraphs
[0139-0140] and [0165] in Copeland to make a prior art showing of applicant's claimed
"a signature classifier comprising a first stage classifier operable to classify packets
according to at least one packet field into groups and a second stage classifier operable to
classify said packets within each of the groups according to packet type or size."

Applicant respectfully asserts that such excerpts simply teach that "header data is
read...[and] based on the source and destination IP addresses, the thread 610 searches for
an existing flow in the flow data structure 162" (paragraph [0139]). Furthermore,
Copeland discloses that "information is collected on all packets and on certain categories
of packets such as TCP and UDP" (paragraph [0165]). Applicant notes, however, that
the header data and categories of packets are not utilized to classify packets in two stages,
in the manner claimed by applicant, but instead are two separate functions that are not in
any way associated with each other. Furthermore, Copeland does not teach that the
packets are classified "according to at least one packet field into groups," as claimed by
applicant, let alone that the "packets within each of the groups [are further classified]
according to packet type or size" (emphasis added), as claimed.

PAGE 10/13 * RCVD AT 12/12/2005 7:12:52 PM [Eastern Standard

DEC. 12. 2005 4:24PM ZILKA-KOTAB. PC NO. 1284 P. 11

With respect to independent Claim 1 et al., applicant has amended such claims to
incorporate the following claim language:

"wherein the classification is carried out by a first classification stage
capable of classifying the data packets based on a first set of packet
characteristics, and a second classification stage capable of classifying the data
packets received from the first classification stage based on a second set of
characteristics."

For substantially the same (but not identical) reasons as argued above, applicant
respectfully asserts that the references relied on by the Examiner do not teach the two
step classification process as presently claimed by applicant.

The Examiner is reminded that a claim is anticipated only if each and every
element as set forth in the claim is found, either expressly or inherently described in a
single prior art reference. Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 628,
631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987). Moreover, the identical invention must be
shown in as complete detail as contained in the claim. Richardson v. Suzuki Motor
Co., 868 F.2d 1226, 1236, 9 USPQ2d 1913, 1920 (Fed. Cir. 1989). The elements must be
arranged as required by the claim.

This criterion has simply not been met by the Vaidya and Copeland references,
especially in view of the amendments made hereinabove. A notice of allowance or a
specific prior art showing of each of the foregoing claimed features, in combination with
the remaining claimed features, is respectfully requested.

Applicant further notes that the prior art is also deficient with respect to the
dependent claims. Just by way of example, with respect to Claims 4 and 6, the Examiner
has made a blanket statement that Vaidya teaches "classifying said packets according to
at least one packet field into groups" to make a prior art showing of applicant's claimed
"classifying said packets within each of the groups according to packet type or size" (see
Claim 4) where "classifying said packets according to packet size or type comprises
classifying said packets according to packet length" (see Claim 6). Specifically, the
Examiner has relied on Col. 7, lines 2-21 and Col. 9, lines 46-61 in Vaidya to meet
applicant's claim language.

Applicant respectfully asserts that such excerpts merely disclose attack signatures
that specify a packet with specified attributes such that the attack signature is compared
to packets with such specified attributes in order to detect network intrusions. Clearly,
attack signatures that are only applied to packets with specific characteristics, as taught
by Vaidya, do not meet applicant's claim language of "classifying said packets within
each of the groups according to packet type or size" (emphasis added).

With respect to Claim 14, the Examiner has relied on Col. 7, lines 2-11 and Col.
9, lines 27-35 in Vaidya to make a prior art showing of applicant's claimed technique
"wherein the lookup is performed in a flow table and further comprising updating a field
of the flow table." Applicant respectfully asserts that Vaidya does not specifically
disclose a flow table, as claimed by applicant, but instead only generally teaches a
"action module 38 [that] takes steps to trace the application session associated with the
data packet, to terminate the session, and/or to notify the network administrator" and a
"hash index [that] is used to search...for a set of attack signature profiles...associated
with the packet information." Furthermore, Vaidya also fails to even suggest "updating a
field of the flow table," as specifically claimed by applicant (emphasis added).

Applicant again respectfully asserts that the Vaidya and Copeland references fail
to teach all of applicant's specific claim limitations, as noted above. Thus, a notice of
allowance or a proper prior art showing of all of the claim limitations, in the context of
the remaining elements, is respectfully requested.

Still yet, applicant brings to the Examiner's attention the subject matter of new
Claims 31-35 below, which are added for full consideration:

"wherein the first set of packet characteristics includes at least one of a
destination address, a protocol type, and a destination port number" (see Claim 31);

"wherein the second set of packet characteristics includes at least one of packet
type and a size" (see Claim 32);

"wherein only the second classification stage remains in communication with a
flow table for identifying an action to be taken with respect to the data packets" (see
Claim 33);

"wherein the flow table is at least one hash table" (see Claim 34); and

"wherein the classification rules are generated after filtering the data packets" (see
Claim 35).

Thus, all of the independent claims are deemed allowable. Moreover, the
remaining dependent claims are further deemed allowable, in view of their dependence
on such independent claims.

In the event a telephone conversation would expedite the prosecution of this
application, the Examiner may reach the undersigned at (408) 505-5100. The
Commissioner is authorized to charge any additional fees or credit any overpayment to
Deposit Account No. 50-1351 (Order No. NAJ1P318/01.240.01).



P.O. Box 721120
San Jose, CA 95172-1120
408-505-5100 







